snowie2000 / mactype

Better font rendering for Windows.
https://mactype.net
GNU General Public License v3.0

ArmBreaker is not working #750

Closed wmjordan closed 3 years ago

wmjordan commented 3 years ago

I removed the --disable-features=RendererCodeIntegrity from the shortcut of vivaldi.exe and added the following part into the MacType.ini between the [MacType] and [UnloadDll] sections.

[experimental@vivaldi.exe]
ArmBreaker=1

I closed the Vivaldi then restarted the MacType service, then the Vivaldi.

image

From the Chinese characters on the top-right side of the interface, I felt that MacType was not in effect. The correct effect with --disable-features=RendererCodeIntegrity in the shortcut when launching vivaldi was like the following:

image

Changing the option to global did not help either.

[experimental]
ArmBreaker=1

Originally posted by @wmjordan in https://github.com/snowie2000/mactype/issues/720#issuecomment-852983636

snowie2000 commented 3 years ago

You have to add armbreaker to your profile. It doesn't work in mactype.ini as an override option.

wmjordan commented 3 years ago

Oh, usually I put application specific things in the MacType.ini but not in the style related ini file. So I can switch to another one without duplicating those application specific settings around ini files.

snowie2000 commented 3 years ago

As it is an "experimental" option I prefer to keep the experiment in a small scale. 😄 that's why this option can't be globally effective.

wmjordan commented 3 years ago

I supposed that the following in MacType.ini would be applied to Vivaldi.exe only.

[experimental@vivaldi.exe]
ArmBreaker=1

wmjordan commented 3 years ago

> why this option can't be globally effective.

Oh, I see. You meant that option should not be placed with the MacType.ini file that shipped with the installation package, otherwise all users would be affected.

snowie2000 commented 3 years ago

All options in the experimental section are not stable or may somewhat intrude the system or maybe some sort of hacks that are not suitable for all situations. I personally consider them to be "use with care".

wmjordan commented 3 years ago

Yes, I understood.

I was adding the above setting snippet into the MacType.ini file manually after installation, not that setting was by default there.

If the setting can be added after installation there by the user, the user can switch ini files without copying those settings around ini files. It is a small case of convenience.

wmjordan commented 3 years ago

I just put the following setting into the end of my profile ini file (DeepGrayNoHinting.zip), then restarted the service.

[experimental@vivaldi.exe]
ArmBreaker=1

It was not working either.

snowie2000 commented 3 years ago

I tried with your profile and it doesn't work. After fiddling with it a bit, I figured out that you need a stronger armbreaker, 2, to make it happy.

After that, you should be able to see all vivaldi.exe processes are marked as running in macwiz.

wmjordan commented 3 years ago

I tried ArmBreaker=2. It did not work either.

image image

snowie2000 commented 3 years ago

It for sure works. Restart your computer and use service mode.

wmjordan commented 3 years ago

Unfortunately it just did not work, after restarting my computer.

I am using the service mode.

snowie2000 commented 3 years ago

Just by replacing the armbreaker=1 to 2, it works perfectly with vivaldi on my system.

Since it's very hard to figure out why it doesn't work on yours, I suppose there is a software conflict with mactype or maybe your mactype installation is not complete and not all files are up to date.

wmjordan commented 3 years ago

Both 1 and 2 have been tried. Neither of them worked.

Had you removed the policy in your registry, and started Vivaldi without the --disable-features=RendererCodeIntegrity argument when you tested it?

The following is the list of files in my MacType folder.

2021/05/07  15:20             8,783 ChangeLog.txt
2021/04/28  14:18           280,064 EasyHK32.dll
2021/04/28  14:17           335,360 EasyHK64.dll
2017/06/02  15:05            88,974 gb.txt
2020/04/26  10:19           135,909 gdi++11px.txt
2017/06/02  15:05            80,896 GdiBench.exe
2017/06/02  15:05               716 GdiBench.ini
2021/06/02  17:57    <DIR>          ini
2021/06/02  17:56    <DIR>          languages
2021/06/01  16:18            35,149 license.txt
2017/06/02  15:05            15,872 MacLoader.exe
2017/06/02  15:05            69,632 MacLoader64.exe
2021/04/28  14:34         3,081,728 MacTray.exe
2021/06/01  16:18         2,291,200 MacTuner.exe
2021/05/07  14:56           895,488 MacType.Core.dll
2021/05/07  14:59           125,440 MacType.dll
2021/06/03  20:38             1,618 MacType.ini
2021/05/07  14:56         1,058,304 MacType64.Core.dll
2021/05/07  14:59           159,744 MacType64.dll
2017/06/02  15:05            69,120 MacWiz.exe
2021/06/01  16:18           104,960 mt64agnt.exe
2021/06/02  17:57            21,331 unins000.dat
2021/06/02  17:56         1,291,175 unins000.exe
2021/06/01  16:18           686,080 updater.exe
2021/06/02  17:57               343 updater.ini
2020/04/23  17:05    <DIR>          updates

snowie2000 commented 3 years ago

I never used Vivaldi before so there is nothing related in my registry.

ssssssbbb commented 3 years ago

Made no difference in CentBrowser with or without "--disable-features=RendererCodeIntegrity". What's its exact visual effect?

snowie2000 commented 3 years ago

Centbrowser has no integrity check, so no armbreaker is needed.

snowie2000 commented 3 years ago

MacType64-with-trace.zip @wmjordan Please overwrite mactype64.dll with this one. And observe the debug output with a tool from https://github.com/CobaltFusion/DebugViewPP

When you launch vivaldi, it should give you something like "MS Sign policy mark has been removed."

wmjordan commented 3 years ago

Thank you for looking into this.

Vivaldi startup argument: vivaldi.exe --disable-lcd-text

Here's the log: DebugView++.log

At the end of DeepGrayNoHinting.ini:

[Experimental@vivaldi.exe]
ArmBreaker=2

snowie2000 commented 3 years ago

This means your profile is buggy, it doesn't detect that you set this flag.

wmjordan commented 3 years ago

image

wmjordan commented 3 years ago

What is this setting supposed to be applied to vivaldi.exe?

wmjordan commented 3 years ago

The log wrote:

13.837439   2021/06/04 10:28:10.851 12108   vivaldi.exe [MTBootstrap] Creating child process vivaldi.exe...
13.862217   2021/06/04 10:28:10.876 12108   vivaldi.exe [MTBootstrap] [Injector] PID 9048
13.862608   2021/06/04 10:28:10.876 12108   vivaldi.exe [MTBootstrap] Loader is injected at 0x1a70e0c0000
13.862654   2021/06/04 10:28:10.876 12108   vivaldi.exe [MTBootstrap] Injecting to vivaldi.exe success

But from the above screenshot, the PID 9048 was disabled.

snowie2000 commented 3 years ago

This is what it should look like

0.035933    2021/06/04 10:35:39.527 9760    vivaldi.exe [MTBootstrap] dwIntegrityLevel<SECURITY_MANDATORY_SYSTEM_RID -> user process
0.037218    2021/06/04 10:35:39.528 9760    vivaldi.exe [MTBootstrap] Loading on startup
0.058721    2021/06/04 10:35:39.550 9760    vivaldi.exe [MTBootstrap] Load "C:\Program Files\MacType\MacType64.Core.dll" at 0xc9250000, err=0x1e7
0.405115    2021/06/04 10:35:39.896 9432    vivaldi.exe [MTBootstrap] Creating child process vivaldi.exe...
0.407606    2021/06/04 10:35:39.898 9432    vivaldi.exe [MTBootstrap] Policy binary [0]: 0x111000100011000
0.407631    2021/06/04 10:35:39.898 9432    vivaldi.exe [MTBootstrap] Policy binary [1]: 0x10000
0.416387    2021/06/04 10:35:39.907 9432    vivaldi.exe [MTBootstrap] [Injector] PID 9072
0.419007    2021/06/04 10:35:39.910 9432    vivaldi.exe [MTBootstrap] Loader is injected at 0x244e0b70000
0.419213    2021/06/04 10:35:39.910 9432    vivaldi.exe [MTBootstrap] Injecting to vivaldi.exe success
0.420038    2021/06/04 10:35:39.911 9432    vivaldi.exe [MTBootstrap] Creating child process vivaldi.exe...
0.425259    2021/06/04 10:35:39.916 9432    vivaldi.exe [MTBootstrap] [Injector] PID 10612
0.425442    2021/06/04 10:35:39.916 9432    vivaldi.exe [MTBootstrap] Loader is injected at 0x164f6390000
0.425530    2021/06/04 10:35:39.916 9432    vivaldi.exe [MTBootstrap] Injecting to vivaldi.exe success
0.434750    2021/06/04 10:35:39.926 10612   vivaldi.exe [MTBootstrap] Attaching
0.435231    2021/06/04 10:35:39.926 10612   vivaldi.exe [MTBootstrap] dwIntegrityLevel<SECURITY_MANDATORY_SYSTEM_RID -> user process
0.435934    2021/06/04 10:35:39.927 10612   vivaldi.exe [MTBootstrap] Loading on startup
0.453561    2021/06/04 10:35:39.944 10612   vivaldi.exe [MTBootstrap] Load "C:\Program Files\MacType\MacType64.Core.dll" at 0xc9250000, err=0x1e7
0.504616    2021/06/04 10:35:39.996 9432    vivaldi.exe [MTBootstrap] Creating child process vivaldi.exe...
0.505233    2021/06/04 10:35:39.996 9432    vivaldi.exe [MTBootstrap] Policy binary [0]: 0x111000100011000
0.505407    2021/06/04 10:35:39.996 9432    vivaldi.exe [MTBootstrap] Policy binary [1]: 0x10000
0.512060    2021/06/04 10:35:40.003 9432    vivaldi.exe [MTBootstrap] [Injector] PID 12312
0.515769    2021/06/04 10:35:40.007 9432    vivaldi.exe [MTBootstrap] Loader is injected at 0x157971b0000
0.518647    2021/06/04 10:35:40.010 9432    vivaldi.exe [MTBootstrap] Injecting to vivaldi.exe success
0.526848    2021/06/04 10:35:40.018 9432    vivaldi.exe [MTBootstrap] Creating child process vivaldi.exe...
0.526886    2021/06/04 10:35:40.018 9432    vivaldi.exe [MTBootstrap] Policy binary [0]: 0x111100110011000
0.526909    2021/06/04 10:35:40.018 9432    vivaldi.exe [MTBootstrap] MS Sign policy mark has been removed.
0.526931    2021/06/04 10:35:40.018 9432    vivaldi.exe [MTBootstrap] Policy binary [1]: 0x10000
0.532504    2021/06/04 10:35:40.024 9432    vivaldi.exe [MTBootstrap] [Injector] PID 10820

Once the armbreaker is activated, you should see logs with Policy binary in it.
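
The check described in the comment above (ArmBreaker is active only when `Policy binary` lines appear around a child-process creation) can be scripted over an exported DebugView++ log. This is an added example, not part of the original thread or of MacType; the sample lines and PIDs are constructed, and reading bit 44 of `Policy binary [0]` as the Microsoft-signed-only mitigation flag is an assumption taken from the Windows SDK.

```python
import re

# Assumption from the Windows SDK, not stated in the thread: bit 44 of the first
# policy quadword is BLOCK_NON_MICROSOFT_BINARIES_ALWAYS_ON.
MS_SIGNED_ONLY = 1 << 44
LINE = re.compile(r"^\S+\s+\S+\s+\S+\s+(\d+)\s+\S+\s+\[MTBootstrap\]\s+(.*)$")
POLICY = re.compile(r"Policy binary \[(\d+)\]: (0x[0-9a-fA-F]+)")

def parse_spawns(log_text):
    """One record per 'Creating child process' event, tracked per logging PID."""
    open_spawn, spawns = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        if msg.startswith("Creating child process"):
            rec = {"parent": pid, "child": None, "policy": {}, "mark_removed": False}
            open_spawn[pid] = rec
            spawns.append(rec)
        elif pid in open_spawn:
            rec, p = open_spawn[pid], POLICY.match(msg)
            if p:
                rec["policy"][int(p.group(1))] = int(p.group(2), 16)
            elif msg.startswith("MS Sign policy mark has been removed"):
                rec["mark_removed"] = True
            elif msg.startswith("[Injector] PID"):
                rec["child"] = int(msg.split()[-1])
                del open_spawn[pid]  # this spawn is complete
    return spawns

def summarize(spawns):
    return {
        "armbreaker_active": any(s["policy"] for s in spawns),
        "stripped_children": [s["child"] for s in spawns if s["mark_removed"]],
        "ms_signed_only_requested": [s["child"] for s in spawns if s["policy"].get(0, 0) & MS_SIGNED_ONLY],
    }

def _log(events):  # constructed sample lines in the DebugView++ layout quoted above
    return "\n".join(f"0.1  2021/06/04 10:00:00.000 {pid}  vivaldi.exe [MTBootstrap] {msg}"
                     for pid, msg in events)

INACTIVE = _log([(4000, "Creating child process vivaldi.exe..."), (4000, "[Injector] PID 4100")])
ACTIVE = _log([(4000, "Creating child process vivaldi.exe..."),
               (4000, "Policy binary [0]: 0x111100110011000"),
               (4000, "MS Sign policy mark has been removed."),
               (4000, "Policy binary [1]: 0x10000"), (4000, "[Injector] PID 4200"),
               (4200, "Attaching")])
print(summarize(parse_spawns(INACTIVE)), summarize(parse_spawns(ACTIVE)))
```

A log with spawns but no `Policy binary` lines, like the first one posted in this thread, reports `armbreaker_active: False`; the same summary lists which child PIDs were created after the signing mark was stripped.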

wmjordan commented 3 years ago

Could you post your ini file and let me test it on my computer?

snowie2000 commented 3 years ago

MacType64-with-trace2.zip

I made a more detailed one. It should tell you what the armbreaker value really is.

wmjordan commented 3 years ago

Armbreaker is set to 0

Is the value case-sensitive?

snowie2000 commented 3 years ago

No, it's case-insensitive. I can confirm it.

snowie2000 commented 3 years ago

I reviewed the code related to settings reading, and looks like the option armbreaker can be read from the global file mactype.ini, and the setting in the actual profile can override it like other options.

wmjordan commented 3 years ago

Could it be because of the other settings in MacType.ini?

[General]
AlternativeFile=ini\DeepGrayNoHinting.ini

[MacType]
RedrawDelay=5000
AutoEnable=1
HideDenied=1
AutoUnload=1
AutoRun=0
LoadType=1
Use64Agent=1
HideACD=1
Language=2

[UnloadDll]
; List of .exes that don't support MacType, or have no GUI
igfxCUIService.exe
igfxEM.exe
igfxHK.exe
lass.exe
SearchIndexer.exe
OfficeClickToRun.exe
SearchProtocolHost.exe
SearchFilterHost.exe
stacsv64.exe
QHSafeTray.exe
QHWatchdog.exe
QHActiveDefense.exe
SynTPHelper.exe
SynTPEnh.exe
NVDisplay.Container.exe
node.exe
CCXProcess.exe
AdobeIPCBroker.exe
audiodg.exe
fontforge.exe
VirtualBox.exe
VBoxSVC.exe
vmnat.exe
vmnetdhcp.exe
vmware-authd.exe
vmware-vmx.exe
vmware-usbarbitrator64.exe
MsMpEng.exe
pia-service.exe
RuntimeBroker.exe
services.exe
spoolsv.exe
taskhostw.exe

snowie2000 commented 3 years ago

No, this parser reads specifically the values it wants. Here is what this piece of code looks like

//profile parser
void ParseConfig() {
    WCHAR szFileName[MAX_PATH] = { 0 };
    int nSize = GetModuleFileName(g_inst, szFileName, MAX_PATH);
    if (nSize) {
        ChangeFileName(szFileName, nSize, TEXT("MacType.ini"));
        CParseIni ini;
        ini.LoadFromFile(szFileName);
        if (ini.IsPartExists(L"UnloadDll"))
            LoadIniSection(ini, L"UnloadDll", g_UnloadList);
        if (ini.IsPartExists(L"ExcludeModule"))
            LoadIniSection(ini, L"ExcludeModule", g_ExcludeList);
        if (ini.IsPartExists(L"IncludeModule"))
            LoadIniSection(ini, L"IncludeModule", g_IncludeList);
        g_HookChildProc = ini[L"General"][L"HookChildProcesses"].ToInt(0);
        g_nArmBreaker = ini[L"Experimental"][L"ArmBreaker"].ToInt(0);
        g_bUseInclude = ini[L"General"][L"UseInclude"].ToInt(0);
        LPCWSTR lpAlter = (LPCWSTR)ini[L"General"][L"AlternativeFile"];
        if (lpAlter) {
            TCHAR szAlter[MAX_PATH] = { 0 };
            wcscpy_s(szAlter, lpAlter);
            CParseIni iniAlter;
            if (PathIsRelative(lpAlter)) {
                TCHAR szDir[MAX_PATH];
                wcsncpy(szDir, szFileName, MAX_PATH);
                PathRemoveFileSpec(szDir);
                PathCombine(szAlter, szDir, szAlter);
            }           
            iniAlter.LoadFromFile(szAlter);
            g_HookChildProc = iniAlter[L"General"][L"HookChildProcesses"].ToInt(0);
            g_nArmBreaker = iniAlter[L"Experimental"][L"ArmBreaker"].ToInt(0);
            g_bUseInclude = iniAlter[L"General"][L"UseInclude"].ToInt(0);
            if (iniAlter.IsPartExists(L"UnloadDll")) 
                LoadIniSection(iniAlter, L"UnloadDll", g_UnloadList);
            if (iniAlter.IsPartExists(L"ExcludeModule"))
                LoadIniSection(iniAlter, L"ExcludeModule", g_ExcludeList);
            if (iniAlter.IsPartExists(L"IncludeModule"))
                LoadIniSection(iniAlter, L"IncludeModule", g_IncludeList);

        }
    }
}

snowie2000 commented 3 years ago

MacType64-with-trace3.zip

Alright, now it tells you what it reads from your profile and from the global one.

wmjordan commented 3 years ago

[MTBootstrap] Read armbreaker from mactype.ini: 0
[MTBootstrap] Read armbreaker from profile: 0

snowie2000 commented 3 years ago

Hmm, please upload your mactype.ini and your profile as is.

wmjordan commented 3 years ago

Here they are.

MacType.ini.txt DeepGrayNoHinting.ini.txt

snowie2000 commented 3 years ago

Why did the profile end with .txt? I mean the exact same file you're using. You could zip it before uploading to preserve its encodings and other info.

wmjordan commented 3 years ago

Please use this: MacType.zip

snowie2000 commented 3 years ago

Okay, I finally realized that the @ grammar doesn't work for armbreaker. It needs to be added to the bootstrap as well. My bad.

For now, just use it with a regular experimental section.
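
Why the `@` form read as 0, as an added example that is not MacType code: a small audit of a MacType.ini and profile pair that mirrors the ArmBreaker lookups in the `ParseConfig()` posted earlier in this thread. The function names and sample files are constructed for illustration, and it assumes `ToInt(0)` yields 0 for a missing key.

```python
def parse_ini(text):
    """Minimal INI reader: lower-cased section -> {lower-cased key: value}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def _armbreaker(sections):
    """[Experimental] ArmBreaker as an int, 0 when absent or malformed."""
    try:
        return int(sections.get("experimental", {}).get("armbreaker", 0))
    except ValueError:
        return 0

def audit_armbreaker(global_ini, profile_ini=None):
    """Mirror the ArmBreaker lookups of the ParseConfig() quoted in this thread.
    Assumption: ToInt(0) returns 0 for a missing key, so a loaded profile always wins."""
    parsed = [parse_ini(t) for t in (global_ini, profile_ini) if t is not None]
    effective = _armbreaker(parsed[-1])  # the last file read overwrites the value
    # Per-executable sections are never consulted by the bootstrap for this key.
    ignored = sorted({name for ini in parsed for name, keys in ini.items()
                      if name.startswith("experimental@") and "armbreaker" in keys})
    return {"effective": effective,
            "scope": "all processes" if effective else "none",
            "ignored_sections": ignored}

# Constructed samples modelled on the files quoted in the thread.
GLOBAL_INI = """[General]
AlternativeFile=ini\\DeepGrayNoHinting.ini
[Experimental@vivaldi.exe]
ArmBreaker=1
[UnloadDll]
audiodg.exe
"""
PROFILE_SCOPED = "[Experimental@vivaldi.exe]\nArmBreaker=2\n"
PROFILE_GLOBAL = "[Experimental]\nArmBreaker=2\n"

print(audit_armbreaker(GLOBAL_INI, PROFILE_SCOPED))
print(audit_armbreaker(GLOBAL_INI, PROFILE_GLOBAL))
```

A non-zero `effective` value always comes with the scope `all processes`, which is the exposure to review before leaving the setting enabled.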

wmjordan commented 3 years ago

[Experimental]
ArmBreaker=2

With the above in the profile, it works on Vivaldi.

snowie2000 commented 3 years ago

So, may I call it case closed?

wmjordan commented 3 years ago

Will the above setting be applied to all applications on my computer?

snowie2000 commented 3 years ago

Unfortunately, yes.

The bootstrap part doesn't have any per-program config design in it. It needs to be implemented in the next release.

wmjordan commented 3 years ago

Since ArmBreaker = 1 does not work, and it has to be applied to all applications, I am afraid that we may have to change the Wiki page as well then...

snowie2000 commented 3 years ago

> Since ArmBreaker = 1 does not work, and it has to be applied to all applications, I am afraid that we may have to change the Wiki page as well then...

ArmBreaker=1 does work, it's just not powerful enough to make Chrome (and alike) work.

Ok, I realized that I said in the wiki that Chrome needs 1...

wmjordan commented 3 years ago

Yep, that's it.

snowie2000 commented 3 years ago

It's not any more~

wmjordan commented 3 years ago

Alright, let's close this now.

wmjordan commented 3 years ago

> Please enable this option per executable so it does not affect system security too severely. Software can also use registry to apply mitigation policy to them before they are launched, which can't be intercepted and has to be removed manually from registry (or from group policy editor).
>
> The registry path for mitigation policy is SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions\ProcessMitigationOptions under HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER.
>
> As of RC1, this option doesn't work in mactype.ini globally, you need to add it to your in-use profile.

Maybe "Please enable this option per executable so it does not affect system security too severely" in the Wiki has to be revised as well, since it might mislead other users.